CloudLinux is a commercially supported Linux operating system interchangeable with CentOS. It includes a kernel-level technology called LVE that allows you to control CPU and memory on a per-tenant basis. It is a basis for application-level virtualization. CloudLinux delivers advanced resource management, better security and performance optimizations specifically targeted at multi-tenant hosting environments.

Vulnerability Description:

There is a flaw within the CageFS portion of CloudLinux that allows an attacker to disclose the contents of any file on the server regardless of file ownership.

Proof of Concept:

Due to the nature of this security flaw, we will not be posting a Proof of Concept until a much later date.

Impact:

We rate this vulnerability as HIGH because any file can be viewed.

Vulnerable Version:

This vulnerability was tested against CloudLinux CageFS 5.0-8 and is believed to exist in all prior versions.

This entry was posted on Friday, August 9th, 2013 at 12:54 PM and is filed under Rack911 Security Advisories.